home

uninstallmodule.exe

CONCEPTION SELECTION DISTRIBUTION INTERNATIONALE

The application uninstallmodule.exe by CONCEPTION SELECTION DISTRIBUTION INTERNATIONALE has been detected as a potentially unwanted program by 6 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from csdi-dlstatic.clean-navigate.com and multiple other hosts.
Publisher:
CONCEPTION SELECTION DISTRIBUTION INTERNATIONALE  (signed and verified)

MD5:
03d97b2e417e8ab0b3ab0f03299f8676

SHA-1:
be849e9e9957fb23f2269ec5ef2b22f16b440116

SHA-256:
0e0e9244ca2ada0f3459a4f022e514be9d772ec99921dad7fc60728079b92743

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 4:52:10 PM UTC  (today)

Scan engine
Detection
Engine version

AVG
Generic
2016.0.3114

Dr.Web
riskware program Program.Unwanted.710
9.0.1.05190

herdProtect (fuzzy)
variant of nsg8fd8.exe
2015.8.7.2

Reason Heuristics
PUP.Optional.Installer
15.6.15.13

Vba32 AntiVirus
suspected of Trojan.Downloader.gen
3.12.26.3

VIPRE Antivirus
Threat.4725471
45468

File size:
90.6 KB (92,816 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\uninstallmodule.exe

Digital Signature
Signed by:
CONCEPTION SELECTION DISTRIBUTION INTERNATIONALE

Authority:
GlobalSign nv-sa

Valid from:
12/16/2014 2:36:07 PM

Valid to:
12/17/2015 2:36:07 PM

Subject:
CN=CONCEPTION SELECTION DISTRIBUTION INTERNATIONALE, OU=Xhopever, O=CONCEPTION SELECTION DISTRIBUTION INTERNATIONALE, L=Paris, C=FR

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112106B28CB2E4D8370E3EC157B3C5B3FF12

File PE Metadata
Compilation timestamp:
10/7/2014 6:40:23 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:H8DE/p+FNX2AdvND8fKb0DlXJEJK4Romu/TN2SFJk6x8ZpmIcP2MbsK6StPiFlNo:H8Dsp+FNX1dFOvDlXJuK45eDZx0mFP2K

Entry address:
0x30E2

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 90, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, 1C, 71, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 09, A3, 78, E4, 42, 00, E8, A8, 2D, 00, 00, A3, C4, E3, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, 00, 88, 42, 00, FF, 15, 64, 71, 40, 00, 68, 80, 91, 40, 00, 68, C0, DB, 42, 00, E8, 52, 2A, 00, 00, FF, 15, 20, 71, 40, 00, BD, 00, 40, 43, 00, 50, 55, E8, 40, 2A...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file uninstallmodule.exe has been seen being distributed by the following 2 URLs.

http://csdi-dlstatic.clean-navigate.com/dl/crv/.../UninstallModule.exe

http://repo.csdi-media.com/UninstallModule.exe

Remove uninstallmodule.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.